<!-- Macros For M4
#define(CPWRIGHTHOST, http://cpwright.com)dnl
-->
<html>
<head>
<title>Masqdialer Server</title>
</head>
<body bgcolor="#ffffff" text="#000000" link="#ff0000" vlink="#ff0000" alink="#ff0000">
<center><a href="index.html"><img src="images/masqdialer-title.gif" alt="masqdialer" width="337" height="110" border=0></a><br><br></center>
<table valign=center><td><img src="images/help.gif" alt="Help"></td><td><h1><a name="documentation">Documentation</a></h1></td></tr><tr><td> <td>
<ul>
<li><h3><a name="docindex">Frequently Asked Questions</a></h3>
<p>This documentation applies to the latest 0.3.x server, most of it also applies to 0.1.0, but I am pushing for a new stable release so it is in a state of flux at the moment.</p>
<p><ul>
<li><a href="doc.html#docwhat" name="docwhat">What is the Masqdialer Server?</a></li>
<li><a href="doc.html#docinstall" name="docinstall">How do I install the Masqdialer Server?</a></li>
<li><a href="doc.html#docnoglibc" name="docnoglibc">I get errors about crypt when compiling?</a></li>
<li><a href="doc.html#docconfig" name="docconfig">What do I do now that I have this executable?</a></li>
<li><a href="doc.html#docmakecon" name="docmakecon">How do I define a connection to dial out?</a></li>
<li><a href="doc.html#docipfw" name="docipfw">The connection dials but my users can't use the internet!</a></li>
<li><a href="doc.html#docauth" name="docauth">How do I limit who can use a connection?</a></li>
<li><a href="doc.html#docstat" name="docstat">The server is saying my modem isn't connected when it really is!</a></li>
<li><a href="doc.html#docstatwait" name="docstatwait">After I kill the connection it says that it wasn't killed, but it really was?</a></li>
<li><a href="doc.html#doclog" name="doclog">How do I make the client's output useful?</a></li>
<li><a href="doc.html#doccspeed">How do I make the client's show the true modem connect speed?</a></li>
<li><a href="doc.html#docnetload">How do I get netload working?</a></li>
<li><a href="doc.html#docconflist" name="docconflist">What are all the configuration settings?</a></li>
<li><a href="doc.html#docsec" name="docsec">Is this thing secure?</a></li>
<li><a href="doc.html#doccontrib" name="doccontrib">I want to contribute to the project!</a></li>
<li><a href="doc.html#docpitifulbegging" name="docpitifulbegging">Hey, aren't you a poor student who should be studying rather than coding free software?</a></li>
<li><a href="doc.html#docemail" name="docemail">This documentation didn't help (the mailing list)!</a></li>
</ul></p></li>
<li><h3><a name="docwhat">What is the Masqdialer server?</a></h3>
<p>The masqdialer system is designed to let users on a LAN bring the connection
that they use to access the internet up and down. The masqdialer system has
a few advantages over other systems, mainly that it requires a human to bring
the link up and down so unlike diald or a persistent pppd process it won't
continuously dial out a broken connection and waste money. The Masqdialer also has some additional features such as network load monitoring (so that users on Windows '95 can see modem lights).</p>
<p>The Masqdialer was designed with the KISS (Keep It Simple Stupid) principle in mind. This should come as a delight to anyone who has ever tried to configure diald or other packages with the same purpose as mserver. This is also one of the reasons that Masqdialer is so stable, unlike diald (which is a stable program, and I don't intend to slight it's authors) I don't do anything all that fancy, I rely on other programs to do all the hard work. This also means that the Masqdialer is highly configurable and should work with any kind of connection.</p>
</li>
<li><h3><a name="docinstall">How do I install the Masqdialer!</a></h3>
<p>To install the masqdialer server you first need to unpack the archive which
you can get from the download section at <a href="http://cpwright.com/mserver/download/">http://cpwright.com/mserver/download/</a>.
After you unpack the archive you should type "make", and an executable called
"mserver" will be created in the mserver directory. This will also
create some utilities: mchat, authgen, and checkstat.</p>
<p>There are a few defines that you can set, by setting an
environment variable, or passing them to make on the command line. You can
enable them by setting them to 1. To set a variable you can either define
an environment variable or passing it on the command line to make.</p>
<table>
<tr><th>Variable</th><th>Effect</th>
<tr><td>USE_HASH</td><td>Use the hash table instead of the new param_dbase code.</td></tr>
<tr><td>NO_GLIBC</td><td>If you do not have glibc define this so the program will compile and link correctly. (Try this if you are having problems with crypt)</td></tr>
<tr><td>NO_FORK</td><td>For debugging purposes this will keep the server in the foreground</td></tr>
<tr><td>DEBUG</td><td>Spit out more stuff to the syslog so you can diagnose problems, it also means you will get some stuff that you don't care about, since it was originally designed to help me find bugs.</td></tr>
<tr><td>LOG_PPP</td><td>Set to the facility you want to use for mchat, this is either LOG_LOCAL2 or LOG_DAEMON, this will default to LOG_LOCAL2.</td></tr>
</table>
<p>You should move the program to /usr/local/sbin (it really doesn't matter
where you put it as long as you can execute it). You should also move LICENSE
and HISTORY to /usr/local/share/mserver.</p></li>
<li><h3><a name="docnoglibc">I get errors about crypt when compiling?</a></h3>
<p>Not all distributions have crypt.h, and the crypt library. If you pass make NO_GLIBC=1 on the command line (ex: "make NO_GLIBC=1") then mserver should compile for you. If not I would like to hear about it.</p></li>
<li><h3><a name="docconfig">What do I do now that I have this executable?</a></h3>
<p>After you have built the server you need to configure it. You should use
your favorite text editor on mserver.conf (you might want to back the original
up). There are sample configuration files for ISDN in the isdn subdirectory of
the distribution. The configuration file is made up of key/value pairs. If
you want to use a space in the value then you must use quotes (") around the
value. Boolean values must be either true, false, yes or no. Each value has
a comment above it with a reasonable description, if you have any problems
(after reading this document) you can just send me mail.</a> After you have
made your configuration file you should move it to /etc/mserver.conf.</p></li>
<li><h3><a name="docmakecon">How do I define a connection to dial out?</a></h3>
<p>Lets assume we want to make the following connections available to the clients:
<ul>
<li>CheapNet</li>
<li>FastNet</li>
</ul></p>
<p>The first requirement to do this is to ensure that you can dial these
connections out using the normal dialing tools. On RedHat you can set the
connections up with netcfg, on other distributions the interfaces that you use
to create the connections will be different. For example if I wanted to bring
up my connection I would type "/sbin/ifup cheapnet" or
"/sbin/ifup fastnet". The masqdialer just runs these scripts, it does
not create them for you so it is imperitive that they will work independently
of the server.</p>
<p>Now that I have the ability to bring the connection up and down with the
normal scripts I need to tell the server which connections to look for. To do
this I would set the cname configuration variable to a comma separated list of
connections. You should make sure that this is in quotes otherwise the
configuration parsing routines will get confused. You can not use any spaces
in the connection names otherwise you won't be able to correctly define them
later in the file. In this example the cname line in mserver.conf would be:
<pre>cname = "CheapNet,FastNet"</pre>
</p>
<p>Now that we have a cname line the server knows what connections to look for. The server wants the following pieces of information about the connection: script, kill, info, ipallow, userallow, netdev, and checkhost. These values can be
defined globally by just having them as the whole key, or on a per connection
basis by prefacing them with <i>cname</i>_key. Though you can define all these variables globally doing so does not always make sense (for script or info).</p>
<p><table>
<tr><th>Value</th><th>Description</th></tr>
<tr><td>script</td><td>This is the program or script that is used to bring up this connectioin. It can be anything you want to run as long as "/bin/sh -c "script"" would work to bring up the connection you can use it.</td></tr>
<tr><td>kill</td><td>Kill is the action used to bring the connection down. It can be defined as "internal" or a program to run. Internal only works for pppd connections and will kill the process that is locking the modem. If you do not use pppd or internal does not work for you then you should define a script. You should also have a script that will bring down any connection for the global kill variable.</td></tr>
<tr><td>info</td><td>A short description of the connection that is friendlier than the cname.</td></tr>
<tr><td>ipallow</td><td>Which IP address can manipulate this connection. This should be a list of IP addresses separated by a colon in dotted quad notation. You can replace the quads with * to allow any number in that quad. For example: 192.168.1.1 would allow only 192.168.1.1 to manipulate the modem, 192.168.1.* would allow any user on the 192.168.1 subnet to manipulate the modem, *.*.*.* would allow anybody to manipulate the connection.</td></tr>
<tr><td>userallow</td><td>Which users can manipulate this connection. This should be a comma separated list of usernames.</td></tr>
<tr><td>netdev</td><td>What netdev is used for the netdev stat method? (This is only needed if you use the netdev stattype.)</td></tr>
<tr><td>checkhost</td><td>What host should be checked for the exitcode stat method? (This is only needed if you use the exitcode stattype.)</td></tr>
</table></p>
<p>Armed with this information we can actually define our connections which will look something like this:
<pre>
kill = "internal" # Default to internal kill method
ipallow = "127.0.0.1:192.168.1.*:192.168.2.1" # Allow only localhost or anyone
# on our subnet to manipulate
# connections.
FastNet_script = "/sbin/ifup fastnet"
FastNet_kill = "/sbin/ifdown fastnet"
Fastnet_info = "Fast Internet Provider"
FastNet_userallow = "cooldude,funguy" # Make sure only certain people
# can manipulate this connection
CheapNet_script = "/sbin/ifup cheapnet"
CheapNet_info = "Cheap ISP"
CheapNet_userallow = "*" # Anybody can manipulate this
# connection
</pre>
</p>
</li>
<li><h3><a name="docipfw">The connection dials but my users can't use the internet!</a></h3>
<p>The masqdialer server does not automatically setup IP forwarding, since this
is slightly different on some systems and it would increase the amount of logic
that would be inside of the server I have opted to leave the best way to implement
this to the administrator. There are essentially two options:
<ul><li>Let every machine use the internet whenever there is a connection dialed out</li>
<li>Let only those machines connected to the Masqdialer server use the internet</li></ul>
I personally endorse the first option because it is simpler, but in some situations
it is not appropriate.</p>
<p>If you are using Linux you will either need to learn how to use ipfwadm (Linux 2.0.x)
or ipchains (Linux 2.2.x). You should run "man ipfwadm" or "man ipchains" to learn
how to use the appropriate program.</p>
<p>If you run Kernel 2.2 and need to use ipchains the following commands will setup
IP masquerading for the 192.168.1.0 subnet and setup ip accounting on the ppp0 interface.
<pre>
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A input -i ppp0
/sbin/ipchains -A output -i ppp0
</pre>Even though these commands will probably work I still suggest learning how to
use the program for real.</p>
<p>If you run Kernel 2.0 and need to use ipfwadm the following command should setup
IP masquerading for 192.168.1.0 and IP accounting for ppp0. Again I suggest you
learn how to use these programs, even if these commands work. (I have stolen these
from the ipfwadm howto, and have not tested them, I would appreciate it if someone does)
<pre>
/sbin/ipfwadm -F -f
/sbin/ifpwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -A -f
/sbin/ifpwadm -A in -W ppp0
/sbin/ifpwadm -A out -W ppp0
</pre>
</p>
<p>You can use clientup, clientdown, authup, and authodwn scripts to
control which machines can access the internet. I'll leave it as an exercise
to the reader to figure out what is best for them. There are sample scripts
included in the mserver distribution in the firewallscripts directory.</p></li>
<li><h3><a name="docauth">How do I limit who can use a connection?</a></h3>
<p>The Masqdialer server can validate users based on username and password
combinations and on the IP address of the client. For a user to be allowed to
use a connection they must meet the username and IP address requirements that
you specify.</p>
<p>The masqdialer server uses the following variables to determine who can
manipulate a connection:
<ul>
<li>userallow</li>
<li>userallow_connect</li>
<li>userallow_disconnect</li>
<li>userallow_config</li>
<li>ipallow</li>
<li>ipallow_connect</li>
<li>ipallow_disconnect</li>
<li>ipallow_config</li>
</ul>
The data used to determine who can do any action is the base userallow (or
ipallow) and the extra data concatenated together.</p>
<p>User allow strings should be comma separated lists of users, for example
"sun,hardware,rocks" would allow the users "sun",
"hardware", and "rocks" to use the connection.</p>
<p>IP allow strings should be a list of IP masks separated by colons. The
IP mask should always consist of four quads, with a period separating them.
The authentication routines will match if the quad is the same number as
the client's IP address or a '*'. If you wanted all clients to be able
to use the connection then you would specify "*.*.*.*", if you
only wanted the 192.168.1.0 subnet to use it then you would select
"192.168.1.*" as your IP mask. You should generally allow the
localhost to perform operations so "127.0.0.1:192.168.1.*" would
be an appropriate IP mask.</p>
<p>In addition to the normal connections you can use "lock" and
"admin" as connection names for authentication purposes.
"lock" specifies what users can lock the connection, and
"admin" specifies what users are server administrators.</p>
</li>
<li><h3><a name="docstat">The server is saying my modem isn't connected when it really is!</a></h3>
<p>The server will take a look around your system to determine whether the modem
is connected. It keeps no information about whether the connection is up or
down, each time it needs this it will perform a getstat routine. There are
four methods for bringing the server up or down pppdlock, netdev, lockonly and
exitcode. To select one of the methods you should change the stattype line of
your mserver.conf.</p>
<p>The first is the most common and preferred method if you are using PPP and a
modem. This method relies upon the file /var/lock/LCK..ttyname, you should ls
/var/lock/LCK..* and then change your lockfile line in mserver.conf to this.</p>
<p>netdev will look in /proc/net/dev for an interface, if that interface exists
it will decide the connection is up. You should cat /proc/net/dev and find
an interface that exists only when you are connected. The device is defined
per connection (CNAME_netdev), but defaults to the value of netdev.</p>
<p>The third method which isn't as reliable as it could be is lockonly which
will just check for the existence of a specific file. It uses the lockfile
variable to determine this file. Use of this is discouraged unless you have a
really good reason to use it (like IPPPD support).</p>
<p>The final method is really designed for really weird stuff that can not take
advantage of any other stat method. It would be nicer to write a specific stat
method, but to initially get it working exitcode should work for everyone.
Exitcode relies on three variables: linkcheck, checkhost, and good code. linkcheck is passed as a string to snprintf you should put %s where you want
the value in checkhost to show up in the command. Goodcode contains the integerreturn value of the program when the link is up. Checkhost can be defined on a per connection basis with CNAME_checkhost, but will fall back to the default checkhost variable.</p>
</li>
<li><h3><a name="docstatwait">After I kill the connection it says that it wasn't killed, but it really was?</a></h3>
<p>The server will normally check the status of the connection right after the
script that you set to kill it returns. Unfortunately the modem doesn't always hangup, and PPPD may not be cleaned up at this point. You can force the server to wait a period of time by setting "statwait = n" (where n is a number of seconds in the configuration file).</p>
</li>
<li><h3><a name="doclog">How do I make the client's output useful?</a></h3>
<p>The server uses the PPPD log to give the client output as it is dialing the
connection. The server will use the PPPD output for alll of the important
output, but it is useful to see other information that you can only determine
from the output of chat. If you don't log PPPD to a file you need to set
parselog = none in your mserver.conf.</p>
<p>To have chat tell you what it is doing you need to put it into verbose mode.
If you have Red Hat 5.x you can set DEBUG to true for the connection and the
chat information will be sent to the syslog, on other distributions you need to pass chat the -v flag.</p>
<p>For optimal output you should really have chat and pppd going, unfortunately
the chat and pppd programs can send their output to different syslog facilities.
The enclosed mchat will send the output to LOG_PPP, which can be selected on
the make command line. The output will also always be set to verbose. If you
have a normal PPPD this should be set to LOG_LOCAL2, however if it was compiled
with any debug options on, it should be set to LOG_DAEMON.</p>
<p>Using mchat also has the added advantage that it is the same one that I use
so your output will probably be better than if you have one that is slightly
different. Aside from the logging differences mchat is the same as the normal
chat program.</p></li>
<li><h3><a name="doccspeed">How do I make the client's show the true modem connect speed?</a></h3>
<p>The first thing to do is ensure that chat sends this information to the syslog, in Redhat you can do this by setting debug to true in the netcfg control panel. You may need to add extra parameters to your modem initialization string. ATW=1DT1234567 works on many modems. For more information you should consult your modem manufacturers manual.</p>
<p>You also need to make sure your parselog variable is set to pppd, and you have speedsearch set to true in your mserver.conf.</p></li>
<li><h3><a name="docnetload">How do I get netload working?</a></h3>
<p>All you should need to do is enable ip accounting. With ipfwadm the following commands should work:
<pre>
/sbin/ipfwadm -A in -i -W ppp0
/sbin/ipfwadm -A out -i -W ppp0
</pre>
With ipchains the following commands should work:
<pre>
/sbin/ipchains -A input -i ppp0
/sbin/ipchains -A output -i ppp0
</pre></p></li>
<li><h3><a name="docconflist">What are all the configuration settings?</a></h3>
<p>The following values are valid configuration settings, some of them can be defined on a per connection basis.</p>
<table>
<tr><th>Value</th><th>Per Connection</th><th>Description</th>
<tr><td>authfile</td><td> </td><td>What file contains the username/password combinations. It is in the of /etc/passwd. You might want to choose something else as your file since transmitting unix passwords over the network in the clear is a bad thing. You can use the provided authgen utility to setup an authorization file.</td></tr>
<tr><td>chatstr</td><td> </td><td>What should we look for in the logfile to decide what a chat string is? I don't know why you would want to change this, but put it in for completeness since you can select the pppd string.</td></tr>
<tr><td>checkhost</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What host should we make sure is active when performing a linkcheck? I suggest using an IP number instead of a hostname to expedite the operation, this gets performed a lot and the longer it takes for it to happen the more frustrated a user will get.</td></tr>
<tr><td>clientup</td><td> </td><td>What script should we run just after a client connects? The script is passed the client hostname.</td></tr>
<tr><td>clientdown</td><td> </td><td>What script should we run just after a client disconnects? The script is passed the client hostname.</td></tr>
<tr><td>cname</td><td> </td><td>What are the names of our connections? The order that they are listed is the order that LIST will use, the first one is the default connection for some clients.</td></tr>
<tr><td>cspeed</td><td> </td><td>How fast is your modem, this is a fallback if the server can not find your speed, or if you have speedsearch set to false.</td></tr>
<tr><td>demon</td><td> </td><td>Do we fork into the background and close stdin, stdout, and sterr?</td></tr>
<tr><td>devfile</td><td> </td><td>What file should we look for netdevices in?</td></tr>
<tr><td>goodcode</td><td> </td><td>What code do we want our linkcheck command to return. This is most likely zero.</td></tr>
<tr><td>history</td><td> </td><td>The location of the file containing the version history that is returned by the HISTORY command.</td></tr>
<tr><td>info</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>This is a string that is displayed when CINFO is called, it isn't actually used for any dialing, but just for cosmetics. The clients may eventually depend on this so I suggest setting it.</td></tr>
<tr><td>ipallow</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What IP addresses are allowed to manipulate this connection. You are allowed up to 10 different masks separated by colons. You must either use the real numbers or a '*' to match any in each quad. You must specify all of the quads# that is '*' wouldn't work but '*.*.*.*' would. This will allow a machine to dial, kill, and configure the connection.</td></tr>
<tr><td>ipallow_config</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What IP addresses are allowed to configure this connection.</td></tr>
<tr><td>ipallow_connect</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What IP addresses are allowed to dial out this connection.</td></tr>
<tr><td>ipallow_disconnect</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What IP addresses are allowed to disconnect out this connection.</td></tr>
<tr><td>kill</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>Kill is the action used to bring the connection down. It can be defined as "internal" or a program to run. Internal only works for pppd connections and will kill the process that is locking the modem. If you do not use pppd or internal does not work for you then you should define a script. You should also have a script that will bring down any connection for the global kill variable.</td></tr>
<tr><td>killsig</td><td> </td><td>The signal to use when killing PPPD for an internal shutdown method, you need to preface it with a "-" since this is the second argument to the kill command</td></tr>
<tr><td>license</td><td> </td><td>The location of the file containing the LICENSE that is returned by the LICENSE command. You should have recieved a copy of the GPL with this program.</td></tr>
<tr><td>linkcheck</td><td> </td><td>What command should we use to check the link status? If the link is good it should return 0, otherwise it should return a non-zero value. This is used as the string to snprintf, the %s will be replaced with the checkhost which is defined below.</td></tr>
<tr><td>listen_on</td><td> </td><td>Which interface does the server listen on. Default is 0.0.0.0, which means the server listens on ALL interfaces. Only one interface can be specified at the moment (e.g., listen_on = "192.168.1.1").
<tr><td>lock_pendingkill</td><td> </td><td>Accept hangup requests when locked and kill connection when the last KILL lock is released?</td></tr>
<tr><td>lockfile</td><td> </td><td>What is the lockfile for your modem, dial out as normal and then look in /var/lock</td></tr>
<tr><td>logfile</td><td> </td><td>Where do pppd and chat spit out their messages?</td></tr>
<tr><td>logtimeout</td><td> </td><td>How long will we try to look at the PPPD logfile before giving up?</td></tr>
<tr><td>multiclientdisconnect</td><td> </td><td>If there is more than one client is one of them allowed to hangup the connection?</td></tr>
<tr><td>netdev</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What is the name of your interface that exists when and only when you are connected?</td></tr>
<tr><td>parselog</td><td> </td><td>What should we do to parse the logfile to give interactive output? Valid options are pppd, ipppd, or none</td></tr>
<tr><td>pppdstr</td><td> </td><td>What should we look for in the logfile to decide what a (I)PPPD string is? If you have a normal modem this is most probably "pppd[", however if you use IPPPD this may be "pppd[" or "ipppd[".</td></tr>
</td></tr>
<tr><td>script</td><td></td><td>What is the command you use to bring up the connection, this can be a script or you can call pppd directly.</td></tr>
<tr><td>shadow</td><td> </td><td>Should we use shadow passwords? This requires that you run the daemon as root and that you use the account names in /etc/passwd. This is probably not as good as a separate authorization file because the passwords are being sent over the network, but it is convenient. If you use this option the authfile will be ignored and the server will use the functions in shadow.h!</td></tr>
<tr><td>slimit</td><td> </td><td>How many clients can we have waiting on the incoming queue before they get locked out</td></tr>
<tr><td>speedsearch</td><td> </td><td>Should we search the PPP logfile for the connect speed (this should be set to true for optimal operation).</td></tr>
<tr><td>stattype</td><td> </td><td>What version of getstat should we use? pppdlock, pppdpid, netdev, lockonly and exitcode are your choices if you are using PPP then you should really use pppdlock. "pppdpid" will check for a specific PID of pppd instead of checking whether a specific line has PPPD running for it. "netdev" will search for a specific interface. If you want to check if a file simply exists then use lockonly. Exitcode will execute a program and if it returns the value in goodcode then the link will count as being up.</td></tr>
<tr><td>statwait</td><td> </td><td>How long after doing something to the connection should we wait to try a stat method?</td></tr>
<tr><td>userallow</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What users are allowed to manipulate this connection? "*" or "" will allow any user to manipulate it, otherwise provide a comma separated list of users. This will allow a user to connect, disconnect, and configure the connection.</td></tr>
<tr><td>userallow_connect</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What users are allowed to dial out this connection?</td></tr>
<tr><td>userallow_disconnect</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What users are allowed to kill this connection?</td></tr>
<tr><td>userallow_config</td><td><img border=0 src="images/check.gif" width=20 height=20></td><td>What users are allowed to configure this connection?</td></tr>
<tr><td>whoauth</td><td> </td><td>Should we provide who information to only validated users?</td></tr>
<tr><td>zeroclientdisconnect</td><td> </td><td>Should we disconnect if we are not currently serving any clients?</td></tr>
</table>
</li>
<li><h3><a name="docsec">Is this thing secure?</a></h3>
<p>If you are deploying this on your LAN is is probably on your gateway, this
means without taking the appropriate precautions you could leave a server
running that accepts data from the network open to nasty people. This is never
a good idea.</p>
<p>The first thing to do is make sure you set the listen_to configuration
variable to something other than 0.0.0.0:224. For example if the IP address of your Linux box on the LAN is 192.168.1.1 you would add the line "listen_to = 192.168.1.1:224" to your mserver.conf.</p>
<p>I trust ipfwadm port blocking more than my IP checking code and think that
having two methods of stopping nasty people is better than one. I hope you
do the same. You can add these line to your /etc/rc.d/rc.local (or equivalent
script):</p>
<pre>
/sbin/ipfwadm -I -f # This will clear all rules, only do this if this is your
# only rule.
/sbin/ipfwadm -I -p accept # By default let everything through
/sbin/ipfwadm -I -a deny -W ppp0 -P tcp -D 0.0.0.0/0 224
</pre>
<p>Aside from telling you how to stop people on the outside from getting at the
server you can read the code and inform me of any bugs you find. I try not to
do anything blatantly stupid, but that doesn't mean something won't slip in.
I have made a concious effort to read every line of code and make sure there
are no errors, but that doesn't mean bugs do not exist or were not introduced
after the last time I have done it. I would appreciate it if those users who
know C would read the code, the more people who look at it the better.</p></li>
<li><h3><a name="doccontrib">I want to contribute to the project!</a></h3>
<p>The best way to help the project is to look at the <a href="#docroadmap">roadmap</a> and then pick something on it and do it. You can also add what features you think are important or lacking, this is important as I don't have the same needs as the rest of you so I won't think of features or implement them if I don't recognize the need for them.</p>
<p>You can also send me feature requests or (preferably) reproduceable bug reports. If you send me bug reports with code attached that makes me even happier. If you can't code you can still help the project by writing documentation or sending bug reports.</p>
<li><h3><a name="docpitifulbegging">Hey, aren't you a poor student who should be studying rather than coding free software?</a></h3>
<p>Yes, but I enjoy working on free software however hardware, monetary or any other type of contribution are always welcome, even with the help of the many contributors I still devote a lot of my time to the masqdialer server. If you have some <a href="http://www.sun.com/">Sun</a> (or even i386 stuff, that is after all what I develop mserver on) that you are willing to give me a good deal on or trade for features then please <a href="mailto:cpwright@cpwright.com">send me mail</a>.</p>
<p>Another easy way of giving (about $.06) to the project is clicking on the
advertisements on <a href="http://cpwright.com/mserver/">The Masqdialer Page</a>, remember it costs you nothing and if 500 of you do it then I'll get $30. Not a bad deal.<!--#include virtual="/advert/index.txt" --></p>
<p>You can also get a "registered" version of the server by sending me any amount of money, in return you can get a random string of letters like "DLjLsdFeZc" that you can put in your mserver.conf. This will make the server behave exactly the same and will entitle you to no more benefits than you have now.</p></li>
<li><h3><a name="docemail">This documentation didn't help (the mailing list)!</a></h3>
<p>You can look the the Masqdialer mailing list <a href="http://cpwright.com/mserver/list/maillist.html">archives</a> and see if someone else has already have your problem. If your question was not answered after you
have read the documentation and perused the mailing list archives feel free to
subscribe to the masqdialer mailing list by sending mail to
<a href="mailto:majordomo@cpwright.com">majordomo@cpwright.com</a> with
"subscribe mserver" in the body. Then send mail to
<a href="mailto:mserver@cpwright.com">mserver@cpwright.com</a> to post.</p></ul>
</td></tr></table>
</center>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
de96f693fc41a166d9a22b72d373055c
>
files
>
21
